Configure optional settings

Cisco ASA IKEv2 VPN supports two optional settings: Client IP Reporting and Groups response.

Topics

Configure Client IP Reporting

To configure Okta to be able to parse, report on and eventually enforce policy based off of the source client IP Address you need to configure the Cisco ASA VPN (RADIUS) App in Okta as follows:

Enter the following settings in Advanced RADIUS Settings found on the Sign On tab for the RADIUS app in your Okta Admin Console, as shown below.

  • Client IP: Check Report client IP.
  • RADIUS End User IP Attributes: 31 Calling-Station-Id

Configure Groups Response

The app is capable of receiving and parsing groups on the standard Attribute Value Pairs (AVP) of 11 (Filter-Id) and 25 (Class). Configure the Cisco ASA VPN (RADIUS) App in Okta as follows:

Enter the settings shown below in Advanced RADIUS Settings found on the Sign On tab for the RADIUS app in your Okta Admin Console.